A parliamentary committee has rebuffed industry allegations that the federal government is rushing through legislation forcing companies to publicly notify consumers of security breaches.

The Senate committee, which held a snap inquiry into the bill over six days, voiced support for the proposed legislation on Monday afternoon as the government seeks to pass dozens of bills before Parliament rises at the end of the week.

The inquiry prompted concerns from industry groups Communications Alliance and the Australian Bankers’ Association that the government was rushing through legislation that would saddle large companies with greater compliance costs and overlay cumbersome security standards.

Companies face fines of up to $1.7 million for serious or repeat offences under the proposed law, or $340,000 for individuals, adding to the average cost of $2.72 million that research firm Ponemon said companies paid for data breaches last year.

But the committee argued the companies had “been afforded ample opportunity” to comment on the bill, which comes five years after the Australian Law Reform Commission first recommended the introduction of mandatory data breach disclosure in 2008.

“The committee agrees that the proposed reform is ‘long overdue’ and would benefit Australian consumers, as well as industry stakeholders, who would be simultaneously encouraged to effect and maintain high-quality data security practices,” it said.

The proposal, which follows similar moves in the United States and elsewhere, has been championed by the security industry and consumer groups as beneficial to consumers who may become victims of fraud as a result of a breach, while allowing for a greater public conversation on the need for security.

Breaches common

The Australian Communications Consumer Action Network, a consumer advocacy group, pointed to repeated breaches of major telecommunications companies as a reason to introduce the reforms.

“Organisations will have to adjust existing compliance systems for reporting and notification of serious data breaches significantly affecting identifiable individuals without the knowledge of the scope of other circumstances which are later defined by regulations,” the ABA said in a submission to the committee considering the proposal.

Communications Alliance, which represents companies including Telstra, said industry consultation on the proposal had been rushed by the federal government and companies would not be able to adjust their systems in time to meet the new laws.

“The implementation of a mandatory data breach system is likely to be costly,” it said.

“This, of course, may depend on what current systems are in place within each business, as well as the costs of ensuring compliance with a mandatory scheme.”

Other groups, such as the Australian Finance Conference, argued there was no evidence for a market failure that required additional legislation.